Total
759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1930 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834. | |||||
| CVE-2009-0620 | 1 Cisco | 2 Application Control Engine Module, Catalyst | 2025-04-09 | 10.0 HIGH | N/A |
| Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.1) uses default (1) usernames and (2) passwords for (a) the administrator and (b) web management, which makes it easier for remote attackers to perform configuration changes or obtain operating-system access. | |||||
| CVE-2008-0901 | 2 Bea, Bea Systems | 2 Weblogic Server, Weblogic Server | 2025-04-09 | 7.1 HIGH | N/A |
| BEA WebLogic Server and Express 7.0 through 10.0 allows remote attackers to conduct brute force password guessing attacks, even when account lockout has been activated, via crafted URLs that indicate whether a guessed password is successful or not. | |||||
| CVE-2009-3180 | 1 Anantasoft | 1 Gazelle Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php. | |||||
| CVE-2009-2508 | 1 Microsoft | 2 Windows Server 2003, Windows Server 2008 | 2025-04-09 | 6.9 MEDIUM | N/A |
| The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability." | |||||
| CVE-2008-3840 | 1 Craftysyntax | 1 Crafty Syntax Live Help | 2025-04-09 | 5.0 MEDIUM | N/A |
| Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | |||||
| CVE-2008-1218 | 1 Dovecot | 1 Dovecot | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | |||||
| CVE-2007-4261 | 1 Ez Photo Sales | 1 Ez Photo Sales | 2025-04-09 | 7.5 HIGH | N/A |
| EZPhotoSales 1.9.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) a file containing cleartext passwords via a direct request for OnlineViewing/data/galleries.txt, or (2) a file containing username hashes and password hashes via a direct request for OnlineViewing/configuration/config.dat/. NOTE: vector 2 can be leveraged for administrative access because authentication does not require knowledge of cleartext values, but instead uses the username hash in the ConfigLogin parameter and the password hash in the ConfigPassword parameter. | |||||
| CVE-2009-0503 | 1 Ibm | 1 Websphere Message Broker | 2025-04-09 | 2.1 LOW | N/A |
| IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database connection password to the Event Log and System Log during exception handling for a JDBC error, which allows local users to obtain sensitive information by reading these logs. | |||||
| CVE-2009-3548 | 1 Apache | 1 Tomcat | 2025-04-09 | 7.5 HIGH | N/A |
| The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges. | |||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2025-04-09 | 4.6 MEDIUM | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | |||||
| CVE-2008-0724 | 1 The Everything Development Company | 1 The Everything Development Engine | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Everything Development Engine in The Everything Development System Pre-1.0 and earlier stores passwords in cleartext in a database, which makes it easier for context-dependent attackers to obtain access to user accounts. | |||||
| CVE-2009-4463 | 1 Intellicom | 3 Netbiter Webscada Firmware, Netbiter Webscada Ws100, Netbiter Webscada Ws200 | 2025-04-09 | 10.0 HIGH | N/A |
| Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords. | |||||
| CVE-2009-0013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. | |||||
| CVE-2008-1542 | 1 Airspan | 1 Base Station Distribution Unit | 2025-04-09 | 7.5 HIGH | N/A |
| Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its password for the root account, which allows remote attackers to obtain administrative access via a telnet login, a different vulnerability than CVE-2008-1262. | |||||
| CVE-2009-2084 | 1 Llnl | 1 Slurm | 2025-04-09 | 7.2 HIGH | N/A |
| Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges. | |||||
| CVE-2007-4526 | 2 Netiq, Novell | 2 Identity Manager, Client Login Extension \(cle\) | 2025-04-09 | 2.1 LOW | N/A |
| The Client Login Extension (CLE) in Novell Identity Manager before 3.5.1 20070730 stores the username and password in a local file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2009-1075 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | 5.0 MEDIUM | N/A |
| Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds differently to failed use of the Forgot Password feature depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2009-2435 | 1 Ibm | 1 Lotus Instant Messaging And Web Conferencing | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
| CVE-2008-6232 | 1 Preprojects | 1 Pre Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
| Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to "admin". | |||||